Skip to content
Threat Feed

Tag

Wbadmin

1 brief RSS
medium advisory

NTDS Dump via Wbadmin

Attackers with Backup Operator privileges may abuse wbadmin.exe to access the NTDS.dit file, enabling credential dumping and domain compromise.

Microsoft Defender XDR +4 credential-access windows wbadmin ntds.dit
2r 2t